Question: 1
A correctly-formatted entry has been added to /etc/hosts.allow to allow certain clients to connect to a
service, but this is having no effect. What would be the cause of this?
A. The machine needs to be restarted.
B. The service needs to be restarted.
C. There is a conflicting entry in /etc/hosts.deny.
D. The service does not support tcpwrappers.
E. tcpd needs to be sent the HUP signal.

Answer: D
Explanation:
Many daemons provides their own set of security mechanism to identify the host or user. Ie. httpd or
smb etc. These mechanism are more advanced then the simple functionality that tcp_wrappers
provides. On the other hand, it is much easier to use one central location for your service security policy.
The librwap.so library, more commonly referred to as tcp_wrappers, provides host based access control
lists for various network services.
tcp_wrappers can’t provides the access control lists to that services not liked with libwrap.so.
Some services compiled with libwrap.so are
• sendmail
• slapd
• sshd
• stunnel
• xinetd
• gdm
• gonme-session
• portmap

Question: 2
Which Apache directive is used to configure the main directory for the site, out of which it will serve
documents?

Answer:
DOCUMENTROOT
Explanation:

http://www.cert4prep.com/117-202.html

Page 2

To specify the Main directory for the documents of website we should use the DocumentRoot
directorive.
See the sample Configuration
<VirtualHost 192.168.0.100>
ServerName www.example.com
DocumentRoot /var/www/example Ă The Directory contains the main documents of www.example.com
</VirtualHost>

Question: 3
What file should be edited to make the route command show human-readable names for networks?
(Please enter the full path)

Answer:
/ETC/NETWORKS
Question: 4
Some users are unable to connect to specific local hosts by name, while accesing hosts in other zones
works as expected. Given that the hosts are reachable by their IP addresses, which is the default log file
that could provide hints about the problem?
A. /var/lib/named/dev/log
B. /var/named/log
C. /var/log/bind_errors
D. /var/log/bind/errors
E. /var/log/messages

An SSH port-forwarded connection to the web server www.example.com was invoked using the
command ssh -TL 80:www.example.com:80 user@www.example.com. Which TWO of the following are
correct?
A. The client can't connect to the web server by typing http://www.example.com/ into the browser's
address bar. This is only possible using http://localhost/.
B. The client can connect to the web server by typing http://www.example.com/ into the browser's
address bar and the connection will be encrypted.
C. It is only possible to port-forward connections to insecure services that provide an interactive shell
(like telnet).
D. The client can connect to www.example.com by typing http://localhost/ into the browser's address
bar and the connection will be encrypted.
E. The client can connect to the web server by typing http://www.example.com/ into the browser's
address bar and the connection will not be encrypted.

Question: 8
Where is the user foo's procmail configuration stored, if home directories are stored in /home? Please
enter the complete path to the file.

Answer:
/HOME/FOO/.PROCMAILRC
Explanation: Procmail is a very powerful delivery tool, different uses included:

http://www.cert4prep.com/117-202.html

Page 6

- Sorting incoming email into different folders or files
- Preprocessing email
- Starting an event or program when email is received
- Automatically forwarding email to others
- Remember additional MTA (mail transport Agent) must configured
Once your MTA has been configured to use procmail you may implement a system â&#x20AC;&#x201C; wide configuration
(/etc/procmailrc) or by individual user $HOME/.procmailrc to sort mail or forward the mail by checking
header information.

Question: 9
The users of the local network complain that name resolution is not fast enough. Enter the command,
without the path or any options, that shows the time taken to resolve a DNS query.

Answer: B
Explanation: dig, nslookup and host commands send the request to DNS server specified in
/etc/resolv.conf.
Among them dig command is the most useful and provides the most information of DNS queries.